Summary: Kandji’s Threat Research team has identified a new macOS stealer named “Purrglar,” which is capable of exfiltrating sensitive data from Chrome and Exodus wallets. This malware, still in development, uses macOS Security Framework APIs to query the Keychain for credentials and uploads stolen data to a localhost server. The stealth-focused nature of Purrglar highlights the growing threat of data-stealing malware targeting personal information for criminal activities.
Threat Actor: Unknown | Purrglar
Victim: macOS Users | macOS Users
Keypoints :
- Purrglar exploits the macOS Keychain to access sensitive Chrome and Exodus wallet credentials.
- The malware uploads stolen data to a localhost server, indicating it may still be in development.
- It utilizes Curl APIs for stealthy file uploads, posing a significant risk to users’ personal information.